The Bangladesh Securities and Exchange Commission (BSEC) has commenced an audit of the IT operations of the Dhaka and Chittagong stock exchanges. This initiative aims to evaluate the systems’ strengths, weaknesses, and potential threats, ensuring robust and effective services in securities trading.
A six-member inspection committee, formed in May, has begun its work, requesting detailed SWOT (strengths, weaknesses, opportunities, and threats) analyses and mitigation strategies from the stock exchanges. The committee’s focus includes data security, confidentiality, backup procedures, and log management.
Given the critical role of information technology in facilitating securities trading, this audit is particularly timely. The Dhaka Stock Exchange (DSE) has faced multiple technical glitches in recent years, prompting investigations that have yet to be publicly disclosed. Notably, in March, an operational error led to incorrect information being displayed for an entire trading session, leaving investors in the dark.
A BSEC official, speaking anonymously, emphasized that the regulator is committed to resolving these issues permanently. The commission will take appropriate measures if any deficiencies are identified.
Tasks of the Committee
The inspection committee will conduct comprehensive annual IT audits and partial audits focused on critical information handling. In case of any significant incidents that may affect trading or market operations, the committee will submit interim reports to the commission.
Sheikh Mahbub Ur Rahman, Director-General of BSEC, serves as the committee’s convener, with Md Yasin Rahman, Assistant Director of BSEC, acting as the secretary.
The committee’s responsibilities include auditing the IT infrastructure, data servers, and software handling issues of the exchanges. They are required to submit reports within 30 working days of the financial year’s end. Additionally, quarterly audits on critical information handling will be conducted, with reports due within 10 working days of each quarter’s end.
The audit scope encompasses compliance, physical and network security, data backup and recovery, hardware and software inventory, change management, environmental controls, access control, incident response, monitoring logging, vendor management, and other related issues.
This comprehensive IT audit aims to ensure the smooth operation and trading of securities, addressing any potential vulnerabilities in the exchanges’ IT systems.